First this isn't a new law. it was went into effect in 2005. It's not a provider issue it's an IT issue. And normal HIPPA stuff should cover anything providers need to know. It's mostly geared to your financials. Now that being said there are some companies out there that are selling a FACTA product for healthcare.
The first FTC rulling was against BJ's wholesale for not keeping the customers credit card information encrypted. (simplification)
Untill a recognized regulator (JCAHO, CMS,etc) comes along and adds it to my list of things I have to so, I"m not goingn to worry about it. I might however send an email to my finacial people and IT as a hint to make sure they are looking at it.